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REMARKS 

Reconsideration of this Application is respeclfully requested. 
Claims 1, and 3-16 are pending in the application, with claims 1, 10, and 16 being the 
independent claims. 

Based on the above amendments and following remarks. Applicants respectftdly request that 
Ac Examiner reconsider all outstanding rejections and that they be withdrawn. 



Rejections under 3S V.S.C. § 102 

In the Action on pages 2-3, sections 4-8, claims 1 , 3. 7-10 and 13-1 6 are rejected as being 
anticipated by "OASIS Security Services Technical Committee SAML Issues List" by Hal Lockhart 
(hereinafter "LockharT). Applicants respectftilly traverse the flection. 

As amended, claim 1 recites: A method for sesure mutual authentication comprising the 
steps of: authenticating a customer at a first web site; ^ier mdhentication, receiving a selection 
from said customer at said first web site requiring trtmtfer to a second web site, wherein said firei 
web site is ind^endent of said second web sit^ after receiving said selection, generating an 
authentication message for said customer at said first web site, said authentication message devoid 
of intelligent information of said customer and comprising a permanent customer pseudonym that 
uniquely identifies said customer and is devoid ofintelttgent Infifrmation of said customer, and 
qfter generating said authentication message, transferring said auOientication message from said 
first web site to said second web site for authentication of said customer by said second web site, 

Lockhart teaches, gentrally, a user going directly to a destination web site without first 
being authenticated at a source web site. The destination web site redirects the user to the user's 
home security domain, or source web site, for authentication. Lockhart, page 13 "First Contact". 
The source web site then authenticates the user and provides an authentication reference, or name 
assertion reference, and redirects the user to Hie destination web site with the authentication 
reference. The destination web site next requests Ac iuithentication docximent fiom the source web 
site, and the source web site provides the authentication document to the destination web site. 
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which, in response, provides the resource to the user. Lockhart, page 14. Lockbart fails to teach at 
least thee elements of claim 1 . 

First, Lockhait feils to teach after authfenty^^on, receiving a selectioD from said customer at 
said first web site requiring transfer to a second web site. Instead, Lockhart teaches the user 
initially going directly to the second web site (i.e., Am? destination web site of Lockhart), then being 
returned to the first web site (i.e. the source web site of Lockhart) for authentication. In contrast, in 
claim 1 , the uscr/insi authenticates at a first web site, and then makes a selection requiring transfer 
to a second web sitc» 

Second, Lockhart fails to teach a sermanent customer pseudonym that uniquely identifies a 
customer and is devoi d of intelligent information of said customer . While Lockhart uses the term 
"pseudonym", this pseudonym is "an attribute in an assertion that identifies the principal, but is not 
the identifier tised in the principars home domain.** Lockhart, page 1 5. There is no teaching or 
suggestion in Lockhart that a pseudonym be devoid of intelligent information of the customer, 
merely that it be different from the identifier used in the home domain. Further, Lockhart appears to 
teach a pseudonym having intelligent information: "At an implementation level AND at a 
specification level, I can*t see how a pseudonym shovld differ from a *real' name." Lockhart, page 
15. In contrast, as disclosed in the specification, the customer pseudonym of claim 1 is unique for a 
specific customer from a specific site. In operation, tlic same customer pseudonym could be 
generated by different partner sites and still be valid. J5ee, e.g., specification, page 9, lines 17-18. 

Third, Lockhart fails to teach after generating said authentication message, transferring said 
authentication mess age from said first web site to said second web site for authentication of said 
customer by said second web site. Instead, Lockhart leaches an authentication reference transferred 
fix)m a first web site (i.e., the source web site of Lockliart) to the second web site, which causes the 
second web site to request an authentication documem' from the first web site. In response to the 
request, the first web site transfers the authentication document to the second web site. If, 
arguendo, the authentication reference of Lockhart is the same as the authentication message of 
claim 1, then the authentication reference of Lockhart is not sufficient for the second web site to 
authenlieate. 
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Lockhart therefore fidls to teach at least three elemots of claim 1, and Applicants 
respectfully assert that claim 1 is not anticipated by I^khart and request that the rejection be 
withdra>vn and the claim allowed. 

Claims 3, 7-9 depend from claim 1 and are allowable as being dependent from an allowable 

claim. 

Clauns 10 and 16 recite features similar to those in claim 1 and are allowable for at least the 
same reasons as given above for claim 1 . 

Claims 13-15 depend from claim 10 and are allowable as being dependent from an allowable 

claim. 

Rejections under 35 § 103 

In the Action on pages 4-5, sections 10-11, claims 4-6, 11 and 12 are rejected as bemg 
unpatentable over Lockhart in view of EP 0 940 960 Al to Le Berre (hereinafter "Lc Berre"). 
Applicants respectfully traverse the rejection. 

Claims 4-6 depend from claim 1 , claims 1 1 and 12 depend from claim 1 0, and are allowable 
at least for being dependent from on allowable claim. 

Further, Le Berre, alone or in combination with Lockhart, fails to overcome the deficiencies 
of Lockhart with respect to the independent claims. Specifically, Le Berre fails to teach or suggest 
generatmg an authentication message that comprises a customer pseudonym that uniquely identifies 
the customer and is devoid of intelligent information of the customer. Instead, Le Berre teaches 
sending a signed URL from a first web site to a second web site. The format of the signed URL 
includes a user ID, which is a "suing representing the user." Sec Lc Berre, col. 6, line 41 . The 
signed URL as shown m FIG, 5 of Lc Berre does not contain a customer pseudonym that is devoid 
of intelligent information of the customer, and instead, contains intelligent information of the 
customer. The user ID and other components of the signed URL in Le Berre are used by Surlserver 
B to identify a customer in order to authenticate the customer at the second web site. Le Berre, 
col. 9, para. 0032. In contrast, the authentication message of claim 1 comprises a customer 
pseudonym that is devoid of any intelligent inforaiation of the customer. Therefore, Le Berre, alone 

or in combination with Lockhart, fails to teach an authentication message that comprises a customer 
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pseudonym that uniquely identifies the customer and is devoid of intelligent information of the 
customer. 

Second, Le Bene teaches away from the combination proposed by the Action. Specifically, 
Le Bene fails to teach receiving a selection from said customer at said first web site requiring 
transfer to a second web site, wherein said first web site is independent of said second web site. 
Instead, Le Berre teaches a muhi-homed resource within one or^ization. Sec, e.g., Le Berre, 
coL 2, para* 07, 16, and 30. The multi-homed resources of Le Berre have access to the same 
authentication services. Le Herrc does not teach transfer between web sites that arc independent of 
each other. In contrast, in claim 1 , the first and second web sites are independent of each other, as 
described, for example, on page 2, para, 5 of the specification. One of ordinary skill in the art 
would therefore not be motivated to combine Le Ben-e with Tvockhart because Le Berre 
contemplates only authentication within a single organization. 

Therefore, the combination of Lockhart and LrC Berre fail to teach or suggest the claimed 
invention. Applicants respectfully request that the rejection be withdrawn and the clauns be 
allowed. 
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CoHcUision 

All of the stated grounds of rejectioa have been properly traversed, accommodated, or 
rendered moot Applicants therefore respectfully request that the Bxacniner reconsider all presently 
outstanding rejections and that they be withdrawn. A^pplicants bdleve that a Ml and complete reply 
has been made to the outstanding Office Action and, as such, the presait application is in condition 
for allowance. If the Exanuner believes, for any reason, that personal communication will expedite 
prosecution of ttis application, the Examine is hereby invited to telephone the imdersigned at the 
number provided. 



Dated: September 20, 2006 Re^e^^Iysul 



Byj!. 




Caroline J. Swi^ell 
Registration^o.: 56,784 

Michael A. Sddon 

RqpstxationNo.: 41,289 

VENABLE LLP 

P.O. Box 34385 

Washington, DC 20043-9998 

(202) 344-4000 

(202) 344-8300 (Fax) 

Attorney/ Agent For Applicant 
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